FBI Issues SOHO Router Cyberattack Warning

United States Computer Emergency Readiness Team states:

“Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices. Devices compromised by VPNFilter may be vulnerable to the collection of network traffic (including website credentials), as well as the monitoring of Modbus supervisory control and data acquisition (SCADA) protocols.

VPNFilter has a destructive capability that can make the affected device unusable. Because the malware can be triggered to affect devices individually or multiple devices at once, VPNFilter has the potential to cut off internet access for hundreds of thousands of users.”

Defending against the VPNFilter malware threat is extremely difficult for three reasons, according to Cisco:

The majority of the devices are connected directly to the internet, with no security devices or services between them and the potential attackers.

This challenge is augmented by the fact that most of the affected devices have publicly known vulnerabilities which are not convenient for the average user to patch.

Additionally, most have no built-in anti-malware capabilities.

How to Prevent the VPNFilter Malware Cyberattack?

CBM Technology has always recommended its clients to stay away from small office/home office routers for their business. They offer ZERO protection for the network and is one of the weakest links in your network.

Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.

Internet service providers that provide SOHO routers to their users reboot the routers on their customers’ behalf.

If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.

ISPs work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.